Description

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.

Remediation

References

CVE-2016-1498

Related Vulnerabilities

Jboss EAP Resource Management Errors Vulnerability (CVE-2016-7046)

WordPress Plugin Nginx Helper Cross-Site Scripting (1.8.9)

WordPress Plugin Forms:3rd-Party Inject Results Cross-Site Scripting (0.2)

ownCloud Improper Input Validation Vulnerability (CVE-2012-5610)

Django Resource Management Errors Vulnerability (CVE-2015-5145)

Severity

Medium

Classification

CVE-2016-1498 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities